• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
  • crack_check()

    (PECL crack >= 0.1)

    用给定的密码来进行破解测试

    说明

    crack_check(resource $dictionary,string $password): bool
    crack_check(string $password,string $username= "",string $gecos= "",resource $dictionary= NULL): bool

    使用特定字典中给定的密码来进行密码强度检测。可供选择的特征(The alternative signature)还考虑用户名和GECOS信息。

    Warning

    此函数是实验性的。此函数的表象,包括名称及其相关文档都可能在未来的PHP 发布版本中未通知就被修改。使用本函数风险自担。

    参数

    $dictionary

    破解库所使用的字典,如果没有指定,则使用最后一次打开的字典。

    $password

    需要检查的密码。

    $username

    用于密码检测的这个账户的用户名。

    $gecos

    用户账户的 GECOS 信息。

    返回值

    返回TRUE如果$password足够安全,或者返回FALSE表示可能需要进一步的操作.

    更新日志

    版本说明
    0.3$username$gecos$dictionary字段被添加到了可供选择的特征(alternative signature)中。
    In addition to the usual checks crack can also check for similarities between the password and a username and gecos field (the gecos field normally contains the person's full name on unix systems).
    There is a third format for the function call which supplies these additional parameters:
    bool crack_check (string $password, string $username, string $gecos, resource $dictionary)
    This is true of PECL crack version 0.4, I'm not sure about earlier versions.
    If you need to test a password with cracklib but don't have the necessary module available in PHP, you can use a function like this.
    It requires the command line cracklib-check binary in /usr/sbin, but changing its location is trivial.
    The $message variable will contain cracklib's complaint (if there is one)
    You'll want to wrap your invocation of this function in a try...catch block.
    <?php
    function cracklibCheck($password, &$message)
    {
      // Clean up password
      $password=str_replace("\r", "", $password);
      $password=str_replace("\n", "", $password);
      // Run password through cracklib-check
      exec("echo ".escapeshellarg($password)." | /usr/sbin/cracklib-check 2>/dev/null", $output, $return_var);
      
      // Check it ran properly
      if($return_var==0)
      {
        if(preg_match("/^.*\: ([^:]+)$/", $output[0], $matches))
        {
          // Check response
          if(strtoupper($matches[1])=="OK")
          {
            // Password is strong
            $message="";
            return(true);
          }
          else
          {
            // Cracklib doesn't like it
            $message=$matches[1];
            return(false);
          }
        }
        else
        {
          // Badly formatted response from cracklib-check.
          throw new Exception("Didn't understand cracklib-check response.");
        }
      }
      else
      {
        // Some sort of execution error
        throw new Exception("Failed to run cracklib-check.");
      }
    }
    ?>